Protecting Against Viruses on a PC



Combating Viruses with Anti-Viral Software

The most important thing you can do to safeguard against viruses or combat existing ones is to use anti-viral software. Anti-viral software performs three functions: prevention, detection, and removal of viruses. (For a general overview of computer viruses and their symptoms, see the section "About Viruses".)

There are several anti-viral programs available for Windows computers. Most are commercial packages; these include McAfee's VirusScan, Symantec's Norton AntiVirus, DataWatch's Virex, and Dr. Solomon's Anti-Virus Toolkit. One very popular package, F-PROT, is freeware.

The two main packages recommended by Stanford are McAfee's VirusScan and F-PROT. You should select one of these tools as your main anti-viral software.


VirusScan

VirusScan, made by McAfee Inc., is a highly effective commercial anti-viral program and is available on Windows 3.1, Windows 95, Windows NT, and Macintosh platforms. It is currently licensed to Stanford University and is available for Stanford faculty, staff, and students, and SLAC employees at no charge.

In addition to combating the standard viruses that affect operating systems, applications and disk drives, VirusScan is also effective against the Microsoft Word viruses that have become common on campus. (For more information on this type of "macro" virus, see "A Word about Macro Viruses" below.) McAfee also provides regular updates to the "virus definition files" that help VirusScan identify new viruses.

The system requirements for VirusScan are:

Windows 3.1:
  • IBM-compatible personal computer running Windows 3.1x; 386 or better

  • 5MB hard drive space

  • 4MB of available memory (8MB recommended)
Windows 95:
  • 2.5MB of free hard drive space

  • At least 8MB of memory
Windows NT:
  • A workstation running Windows NT, version 3.51 or later

  • 1.5MB of free hard drive disk space

VirusScan is available as part of the PC-Stanford package. You can go to the PC-Stanford Web Page to learn more about the entire suite of applications and download the software. Direct links are also provided in this document below.

Installing VirusScan on a Computer Connected to SUNet

  1. If the computer on which you want to load VirusScan is directly connected to SUNet, download the single-file VirusScan installer file. To do so, go to the PC-Stanford Single File Installer Download Page.

    In order to download the software, you must have a valid SUNet ID and password. You will be asked provide your SUNet ID and password at the WebLogin authentication page. After you have been authenticated, you can proceed to download the software.

  2. Format a diskette for the VirusScan Emergency Disk (Windows 95 and NT only).

    Before you run the installer program, create a bootable high-density diskette for your system. You'll need to do this from DOS. Enter either of the following commands at Start/Run:

    format a: /s   If your diskette is not yet formatted

    sys a:   If your diskette is formatted

  3. To install VirusScan, simply click on the ".exe" file (e.g., vscan95.exe) to run the installer program. Follow the instructions and select "Typical" when the program asks what kind of installation to perform.

  4. (Windows 95 and NT only) At the end of the installation, you will be prompted to create an "Emergency disk." Insert the diskette you prepared in step 2 above.

Installing VirusScan on a Computer NOT Connected to SUNet (Windows 95 and NT only):

  1. If you plan to install VirusScan on a computer not connected to SUNet, such as your computer at home, you will need to place the installer program on a set of floppy disks. To do so, go to the PC-Stanford Floppy Disk Creation Page at
    http://www.stanford.edu/group/itss/pcstanford/download/floppy.html
    In order to download the software, you must have a valid SUNet ID and password. You will be asked provide your SUNet ID and password at the WebLogin authentication page. After you have been authenticated, you can proceed to download the software.

  2. Double click on the vs95_all.exe or vsnt_all.exe file to extract the disk image files. Then to make the set of installation floppies, double click on each of the image files (which are labeled something like "v95_dks1.exe", "v95_dks2.exe", etc.) and follow the instructions. You will be asked to insert a floppy disk; make sure each floppy is a completely blank, PC-formatted 1.44 MB disk.

  3. Format a diskette for the VirusScan Emergency Disk. Before you run the installer program, create a bootable high-density diskette for your system. You'll need to do this from DOS. Enter either of the following commands at Start/Run:

    format a: /s   If your diskette is not yet formatted

    sys a:   If your diskette is formatted

  4. Insert the installation floppy disks (from step 2) into the computer on which you want to install VirusScan and launch the "setup" program from the A: drive. Follow the instructions and select "Typical" when the program asks what kind of installation to perform.

  5. At the end of the installation, you will be prompted to create an "Emergency disk." Insert the diskette you prepared in step 3 above.

Installation Notes

It is highly recommended that you download and read the User's Guide for VirusScan for your operating system. These are the files ending in ".pdf". You will need Adobe Acrobat to view and print the manual. If you don't have Adobe Acrobat Reader, go to http://www.adobe.com/prodindex/acrobat/readstep.html to download a copy.

In order to be protected against all known viruses, it is important to keep the virus definitions up to date. McAfee updates the DAT files every 6-8 weeks. When Stanford gets these updates, they will be put on ftp.stanford.edu, but if want to be sure you have the latest, you should download them directly from McAfee at http://www.mcafee.com/down/dat.html.

You can also choose to get email notification directly from McAfee when they have new DAT files available for download. Go to http://www.mcafee.com/down/datlist.html, fill in your email address and click "submit."

Configuring VirusScan

Repairing Damage from Macro Viruses

While VirusScan does detect and remove the Word and Excel macro viruses, it will not fix damage from macro viruses, such as changing virus-affected templates back into regular documents. For details on how to repair affected files, see http://www.mcafee.com/support/techdocs/vinfo/t0118.asp and download the "DOCFIX for MS Word Version 6/7" file.

F-PROT 2.27 (For Windows 3.1 and DOS)

For PC users running Windows 3.1 or DOS, if you are unable to use VirusScan, F-PROT is the recommended anti-viral tool. FPROT does not work for Windows 95 or Windows NT.

Important Note:F-PROT does not protect against macro viruses. If you are using Microsoft Word 6 or greater files, it is highly recommended that you also install the Macro Virus Protection Tool, discussed below.

F-PROT should be the primary component in your arsenal of anti-viral tools. (A commercial version called F-PROT Pro, sold by Data Fellows, is also available.) There are two parts to F-PROT: VIRSTOP.EXE, which is used for the prevention of viral infections, and F-PROT.EXE, the preferred method for detecting and removing viruses.

If VIRSTOP detects a virus attack, it will stop the process and display an alert telling you what virus is present. You should then run the F-PROT application to remove the virus.

F-PROT is easy to install, but it is very important to stay up-to-date with this tool, because it only recognizes viruses it has been taught about. As of September 1997, F-PROT 2.27 is the latest version available; it can be found at the following location:

ftp://ftp.datafellows.com/f-prot/free/fp-227a.zip
Make sure you have the latest version, otherwise you won't be protected against all known viruses. The most recent version will always be found in the ftp://ftp.datafellows.com/f-prot/free directory.

After you have downloaded FPROT, you will need to uncompress it with a utility called unzip. If you don't have the unzip utility you can download it from:

ftp://ftp.simtel.net/pub/simtelnet/msdos/arcers/unz531x.exe
When you run unzip, many files will be expanded on your computer, including F-PROT.EXE, VIRSTOP.EXE, and the associated documentation.


Macro Virus Protection Tool

F-PROT cannot protect against macro viruses. To combat this type of virus, if you are using Word version 6 or higher, or work with Word 6 or 7 documents, install the Microsoft Macro Virus Protection Tool. See http://www.microsoft.com/word/freestuff/mvtool/mvtool2.htm for more information. To download the Macro Virus Protection Tool directly, go to:
http://www.microsoft.com/word/freestuff/mvtool/mvtool40.exe
To protect against macro viruses in Excel 5 or greater, go to:
http://www.microsoft.com/excel/productinfo/vbavirus/add_in.htm


About Viruses

What is a Virus?

A virus is a small computer program that copies itself by attaching to another computer program. The virus may carry out some task, which is often damaging. Even if a virus is intended to be harmless, it can be detrimental nonetheless; viruses occupy memory and disk space which can be enough to disrupt normal operation of your computer.

A virus may contain a "time-bomb," where an activity is designed to occur on a certain date or when a condition has been fulfilled. An odd message may flash on the screen, or important files may be corrupted.


How Are Viruses Spread?

Some viruses infect a microcomputer and then infect every diskette that is inserted, unless the diskette is write-protected.

Other viruses attach themselves to programs, and after the infected program is run, subsequent programs are infected as well.

Infected diskettes passed around by computer users in an office can cause viruses to spread. Viruses can become a problem when people are share software in the public domain--on the Web or on bulletin boards; these distribution media make it very easy for undetected viruses to spread quickly.

Viruses can also be spread through attachments (such as Word documents) sent through electronic mail. Note that it is not the electronic mail itself, but the attached file that can carry a virus. Such an attachment will only infect your computer if you actually open up (say, in Word) or execute the attached file.


Symptoms of a Virus

Not all viruses are harmful; certain viruses only replicate and have no other intended function. The damage viruses cause range from minor to severe. Some viruses announce their presence very clearly by flashing unusual messages or graphical displays. However, usually the presence of a virus is very subtle or nearly undetectable. You may suspect a virus when: Although it's important to be aware of the potential presence of viruses, unusual behavior is most often due to bugs in software or conflicts between drivers, TSRs and other software. In fact, 99 % of all suspected new viruses are eventually proven to be (merely) mundane bugs in the operating system or applications being used.


A Word about Macro Viruses

A new kind of virus, called a macro virus, has emerged and spread rapidly across the campus. This virus strain does not infect the operating system, programs, or pose a threat to your hard drive, but changes documents that use macros (small programs that are associated with documents). Macro viruses are spread in Microsoft Word 6 or higher documents, on both Windows and Macintosh platforms. Macro viruses have also been found in Excel for Windows, version 5 and above.

One common macro virus affects Word users by turning documents into templates, no matter how they are saved. Another more dangerous virus deletes all macros from Word's NORMAL.DOT template and removes Tools:Macro and Tools:Customize from the menu commands.

If you are using Word 6.x or Word 7.x, or Excel 5 or greater, it is highly recommended that you install and use VirusScan on a regular basis to prevent the infection and spread of macro viruses. See the section on VirusScan above.


Safe Computing Habits: Using Anti-Viral Software

It is recommended that you use a preventative anti-viral software at all times. You should also scan your hard disk for viruses on a regular basis, especially if you have installed or downloaded software, or used floppy disks.

In addition to using anti-viral software, there are certain precautions you should get into the habit of performing in order to protect your computer from viruses:


For Network Administrators

If you manage a network of microcomputers, or are responsible for a group of computers shared in a department, it is vital that you take the precautions listed above. You should also:


For Further Information

If you want more information about virus protection, check out the comp.virus bulletin board for up-to-date information, as well as the following general information sites (maintained by virus-protection software vendors):
Last Updated: 9/23/97
Stanford IT Help Desk / Copyright © 1997, Stanford University
http://www.stanford.edu/group/itss-customer/docs/pc_virus.html
Please e-mail questions or comments to: ca-doc@forsythe.stanford.edu